\chapter{Introduction}
\pagenumbering{arabic}
Since the first packet was sent on October 29, 1969 over the ARPANET by
Leonard Kleinrock \cite{first_packet}, the Internet has revolutionized
the way we communicate with each other.
According to an OECD report, as of December 2006 there were almost 200 million
broadband subscribers in industrial countries \cite{oecd}. Information is
disseminated over websites, messages are transmitted via e-mail, and
applications like Voice over IP (VoIP) are becoming serious competitors
of traditional telecommunication companies.

Only a few years ago, Internet access was still bound to wired
cables.
But with the standardization of IEEE 802.11,
which began in 1997\footnote{802.11 legacy; the standards
802.11a and 802.11b followed in 1999}, massive deployment of wireless networks has
taken
place. Today, besides wireless access points in companies, institutions, universities, etc.,
wireless equipment is also affordable for ordinary broadband subscribers,
which makes wireless deployment spread rapidly.

\section{Wi-Fi Sharing and its Problems}
In contrast to the ubiquity of wired broadband Internet, a user has only
a few choices for Internet access outside his home. Although there are
many wireless access points in
the city, they are either protected or expensive commercial hotspots.
Another possibility for a user
is to use UMTS, which is expensive and slow.

Due to the wireless nature of the access points, the high speed which
the 802.11b/g
standards provide (up to 54 Mbps) and an indoor coverage range of
up to 100
meters \cite{802.11_coverage}, hobbyists have begun to share their bandwidth with their
neighbors since Wi-Fi enabled equipment became affordable; with an
ADSL broadband flat rate in particular, subscribers only pay a fixed
amount of money. These
grass-roots movements slowly developed into Wi-Fi sharing communities, some of
which have been adopted and promoted with business models by commercial companies like FON Wireless
Ltd. \cite{FON}.

As of September 2007, FON\footnote{The term FON refers to the community,
and FON Wireless Ltd. refers to the company behind it} is the largest Wi-Fi
sharing community with more than
500,000 registered members and more than 300,000
access points worldwide \cite{fon_number}.

FON members who let other members share their bandwidth
can in return use the access points of other community members and
hence get Internet access everywhere in the world where a FON router is
available.
However, this model has its own problems, which discourage users from sharing
their bandwidth. We summarize the problems as follows:

\begin{itemize}
\item Internet access is granted after a successful authentication in a
web portal. Although the web portal is protected by an SSL certificate,
an attacker can
manipulate or fake a community router to steal the identity of a legitimate
user, because the community router itself is never authenticated.
\item Since the traffic after the authentication is sent over an open
wireless link, the traffic is visible to everyone. An attacker can
sniff sensitive data like e-mails, logins, passwords, etc. Moreover,
transmission in plaintext is also susceptible to identity theft.
\item A serious issue for the operator of the wireless router concerns
the
legal liability. Due to the contracts with the ISPs and the local laws, the
owner of the wireless router may be held responsible for all activities
associated with the IP address of the router.
\end{itemize} 
\section{The Peer-to-Peer Wi-Fi Sharing Approach}
In order to overcome the shortcomings of the current Wi-Fi sharing
systems, we need a system
which uses encryption and strong authentication, and which in particular
takes the legal issue into account. We propose a
\emph{peer-to-peer approach for Wi-Fi sharing} which firstly lets people
share their bandwidth without worrying about the legal liability, and
secondly
encrypts the traffic so that security for the end user is provided.

Similar to the current Wi-Fi sharing models, users in our model also
provide other users with part of their bandwidth for sharing. To solve the
legal issue, we introduce a second router, which we call the \emph{home
router} because it is typically located in the mobile user's home. A
secure tunnel is established between the mobile user and the home router.
Physically, all the Internet traffic of the mobile user is sent through the
tunnel as payload. On the home router, the encapsulated payload is
decapsulated and sent as IP packets to its destination. Logically, the
mobile user is using his own home router for the Internet, and this solves
the legal issues. An attacker cannot eavesdrop on the traffic because the
tunnel between the mobile user and the home router is encrypted.
The basic setting of our model
is depicted in Figure \ref{img:pisa}.
\begin{figure}[htb]
 \centering
 \includegraphics[width = 11cm]{pics/pisa}
 \caption{The peer-to-peer approach for Wi-Fi sharing}
 \label{img:pisa}
\end{figure}

Our model utilizes the
\emph{Host Identity Protocol} (HIP) \cite{hip_arch} to
achieve point-to-point encryption and authentication. HIP is an emerging technology designed to solve problems which
are caused by the dual role of the IP address. It creates
a new namespace
between the IP layer and the transport layer, namely the Host Identity (HI) namespace. Host Identities are
public keys; the corresponding private key stays with the host.
The HI represents
the identity of the computer, and the IP address is only used for routing.
Before a HIP association is established, the two endpoints perform a four-way
handshake in which the peers are mutually authenticated, after which an IPsec
tunnel is established. During the communication, a peer can
change its IP address and announce the new address to its peer without breaking the ongoing
transport layer connections. Thus, HIP makes mobility possible.
In our approach, tasks like end-host authentication, establishment of an IPsec
tunnel and other features like mobility are delegated to HIP. However, the
protocol must be extended and modified to meet our requirements.
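To make the HIP mechanism described above concrete, the following Python sketch (added here; it is neither code from this thesis nor from any HIP implementation) models the four-way handshake and a later address update: each host is named by its Host Identity (a public key) and the Host Identity Tag derived from it, each peer verifies the other's signature before an association exists, and an address change is accepted only when it is signed by the HI already bound to that association. Assumptions: toy RSA over small constructed primes stands in for real key material, a hash of the handshake transcript stands in for the Diffie-Hellman derived IPsec keys, the message names I1, R1, I2 and R2 follow the HIP base exchange, and HIP's puzzle mechanism is omitted.

```python
import hashlib

E = 65537
# Constructed key material: one small prime pair per host (toy RSA, not secure).
PRIMES = {"mobile": (1000003, 1000033), "home": (1000037, 1000039), "rogue": (999979, 999983)}

def sha(*parts):
    return hashlib.sha256("|".join(map(str, parts)).encode()).digest()
def hit_of(hi):
    return sha(hi)[:16].hex()                     # Host Identity Tag: 128-bit hash of the HI
def verify(hi, data, sig):
    n, e = hi
    return pow(sig, e, n) == int.from_bytes(sha(data), "big") % n

class Host:
    def __init__(self, name, ip):
        p, q = PRIMES[name]
        self.n, self.ip = p * q, ip
        self.d = pow(E, -1, (p - 1) * (q - 1))   # private key never leaves the host
        self.hi = (self.n, E)                     # Host Identity = public key
        self.hit = hit_of(self.hi)                # HIT names the host; the IP only routes
        self.assoc = {}                           # peer HIT -> [peer HI, peer IP, key]
    def sign(self, data):
        return pow(int.from_bytes(sha(data), "big") % self.n, self.d, self.n)

def base_exchange(init, resp):
    """Four-way handshake I1, R1, I2, R2; R1, I2 and R2 are signed by their sender."""
    i1 = (init.hit, resp.hit)                                   # I1: trigger
    r1 = (resp.hi, resp.hit, init.hit)                          # R1: responder's HI
    if hit_of(resp.hi) != i1[1] or not verify(resp.hi, r1, resp.sign(r1)):
        return False                                            # responder not authentic
    i2 = (init.hi, init.hit, resp.hit, init.ip)                 # I2: initiator's HI
    if hit_of(init.hi) != i1[0] or not verify(init.hi, i2, init.sign(i2)):
        return False                                            # initiator not authentic
    r2 = (resp.hit, init.hit, "R2")                             # R2: signed confirmation
    if not verify(resp.hi, r2, resp.sign(r2)):
        return False
    key = sha(r1, i2).hex()                 # stand-in for the DH-derived IPsec SA keys
    init.assoc[resp.hit] = [resp.hi, resp.ip, key]
    resp.assoc[init.hit] = [init.hi, init.ip, key]
    return True

def update(sender, peer, new_ip, claimed_hit=None):
    """Mobility: a signed UPDATE rebinds the IP; the association, keyed by HIT, survives."""
    msg = (claimed_hit or sender.hit, peer.hit, new_ip)
    entry = peer.assoc.get(msg[0])
    if entry is None or not verify(entry[0], msg, sender.sign(msg)):
        return False                                            # unknown or forged sender
    entry[1] = sender.ip = new_ip
    return True
```

The association on the home router is looked up by HIT, not by IP address, which is why the mobile host's address can change while the entry (and the key bound to it) stays the same.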
\section{Scope}
The scope of the thesis is limited to the design of a secure and scalable
Wi-Fi sharing system. The prototype implementation consists of the integration
of
user access control into the HIP Base Exchange and the Update process, the traffic control of
the middlebox, traffic tunneling, and optimization techniques.

\section{Organization of the Thesis}
The rest of the thesis is organized as follows: Chapter \ref{cha:backgrounds} presents background
information related to the thesis. Chapter \ref{cha:requirements} describes the
requirements for the design and implementation. Chapter \ref{cha:related_works} introduces related work in the area of Wi-Fi security. The design of the solution is
presented in Chapter \ref{cha:design} and the implementation issues in
Chapter \ref{cha:implementation}. The
solution is analyzed and evaluated in Chapter \ref{cha:evaluation}, and
Chapter \ref{cha:outlook} then
presents the conclusions of the thesis with a discussion of possible
future work.
\nocite{da:mika}
\nocite{da:miika}
\nocite{da:lhip}
\nocite{da:multi_hip}
